tls: rx: support optimistic decrypt to user buffer with TLS 1.3 - linux

diff options

author	Jakub Kicinski <kuba@kernel.org>	2022-07-06 01:59:23 +0200
committer	David S. Miller <davem@davemloft.net>	2022-07-06 13:56:35 +0200
commit	ce61327ce989b63c0bd1cc7afee00e218ee696ac (patch)
tree	bc988ed5ef9f3a025aa4fa69d3f4cf41e42e1fbd /Documentation
parent	tls: rx: don't include tail size in data_len (diff)
download	linux-ce61327ce989b63c0bd1cc7afee00e218ee696ac.tar.xz linux-ce61327ce989b63c0bd1cc7afee00e218ee696ac.zip

tls: rx: support optimistic decrypt to user buffer with TLS 1.3

We currently don't support decrypt to user buffer with TLS 1.3 because we don't know the record type and how much padding record contains before decryption. In practice data records are by far most common and padding gets used rarely so we can assume data record, no padding, and if we find out that wasn't the case - retry the crypto in place (decrypt to skb). To safeguard from user overwriting content type and padding before we can check it attach a 1B sg entry where last byte of the record will land. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'Documentation')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: